CVE-2026-41907 — Out-of-bounds Write in Uuid
Severity
8.1HIGHNVD
EPSS
0.0%
top 87.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 24
Description
uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes (small buf or large offset). This allows silent partial writes into caller-provided buffers. This vulnerability is fixed in 14.0.0.
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N